On Wed, Apr 26, 2000 at 02:46:19PM -0500, Leland V. Lammert wrote:
> >Of course, nothing is as secure as a human being typing the passphrase in
> >at startup, but we've established that that is too much like hard work :).
>
> Sorry, .. but you missed the point. If you are rebooting a server:
>
> 1) In many cases the person doing the rebooting does not have root access, .. much
> less knowledge OF the pass phrase!
>
> 2) In many other cases, the reboot is done remotely.
>
> 3) In both cases above, the server would HANG on reboot awaiting a passphrase.
>
> 3) In 95% of the other cases, nobody is going to the trouble to write a C program
> just to enter the passphrase.
>
> 4) A passphrase on a server doesn't really matter anyway, .. since if the machine is
> set up correctly only the SysAdmin has access to the directory with the key.

While I tend to agree with points 1-3a, I would not follow 4:
Your idea of "server" and "setup" does not cover all cases. Whenever I have
physical access to the server, the security of an item located on the
harddisk is at risk. I can try to reboot to single user mode and access the
data or boot from a support medium and so on. As long as the key is on the
disk without passphrase, there is a risk of it being stolen.

Having said this, I do have my key unencrypted on the disk, because my
server must be able to boot unattended. It is a tradeoff, but my SSL setup is
not really important, so I decide for the easy way to go :-)

As an addition: Consider me having root access, I can easily read the command
for the "automated pass phrase program" and can call it to obtain the
passphrase and then steal the private key. It just takes one more small step.

My summary: If you want unattended startup your key must be accessible;
the "passphrase program" approach does not increase your security
significantly.

Best regards,
	Lutz

PS. Ever considered the case of exchanging the harddisk with the key on it?
Where do you store it after (physically) unmounting it?
Do you delete it before sending it to service?
Do you make backups of your system setup? Where do you store the tapes?
Writing a backup tape may take several hours, do you sit around all the time
so that nobody can just take the tape from the drive?
Just to add some more paranoia to the discussion :-)
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
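
To make the tradeoff in the message above checkable on a given host, here is an added example (not part of the original mail or of OpenSSL) that reports whether a PEM key file is stored without a passphrase and whether anyone beyond its owner can access it. The function names and the sample keys are constructed for illustration; only OpenSSL's PEM formats are recognised.

```python
import os
import stat
import tempfile

# Constructed sample keys (bodies are placeholders, not real key material).
SAMPLE_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                "-----END RSA PRIVATE KEY-----\n")
SAMPLE_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: DES-EDE3-CBC,0011223344556677\n\nQ09OU1RSVUNURUQ=\n"
                    "-----END RSA PRIVATE KEY-----\n")

def key_is_encrypted(pem_text):
    """True/False for an OpenSSL PEM private key, None if none is present."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:   # PKCS#8
        return True
    if "PRIVATE KEY-----" not in pem_text or "OPENSSH" in pem_text:
        return None   # no key, or a format whose header does not show encryption
    return "Proc-Type: 4,ENCRYPTED" in pem_text   # traditional PEM header

def audit_key_file(path):
    """List the exposures discussed in the thread for one key file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "r", errors="replace") as fh:
        encrypted = key_is_encrypted(fh.read())
    findings = []
    if encrypted is None:
        findings.append("no OpenSSL PEM private key found")
    elif not encrypted:
        findings.append("no passphrase: anyone who reads the disk, a backup "
                        "tape or a swapped-out drive has the key")
    if mode & 0o077:
        findings.append("group/other access bits set (mode %04o)" % mode)
    return findings

def demo():
    """Audit a constructed world-readable, unencrypted key in a temp file."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    try:
        os.write(fd, SAMPLE_PLAIN.encode())
        os.close(fd)
        os.chmod(path, 0o644)
        return audit_key_file(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An encrypted key whose passphrase is handed over by a program stored on the same host passes the first check, yet, as the reply argues, root on that host can run the same program, so a clean result here covers only the file at rest.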